Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-04-11 | CVE-2006-1700 | Unspecified vulnerability in Aweb Scripts Seller | Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication. | 7.5 |
2006-04-11 | CVE-2006-1694 | SQL Injection vulnerability in XBrite Members.PHP | SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-04-11 | CVE-2006-1692 | SQL-Injection vulnerability in Manic web Mwnewsletter 1.0.0B | Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. | 7.5 |
2006-04-11 | CVE-2006-1691 | Input Validation vulnerability in Manic web Mwnewsletter 1.0.0B | SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php. | 7.5 |
2006-04-11 | CVE-2006-1060 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xzgv | Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required. | 7.5 |
2006-04-11 | CVE-2006-1689 | Local Unauthorized Access vulnerability in HP Hp-Ux 11.11 | Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access. | 7.2 |
2006-04-11 | CVE-2006-1685 | SQL Injection vulnerability in APT-webshop Modules.PHP | Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. | 7.5 |
2006-04-11 | CVE-2006-1683 | SQL Injection vulnerability in Chipmunk Guestbook | SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | 7.5 |
2006-04-08 | CVE-2006-0951 | Local Security vulnerability in Eset Software Nod32 Antivirus 2.5 | The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. | 7.2 |
2006-04-07 | CVE-2006-1672 | Multiple vulnerability in Cisco Optical Networking System and Transport Controller | The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. | 7.5 |